Hands-on Lab 4 - Firewalls


(DUE February 21, 2006 by midnight EST)

    The objective of this assignment is to learn more about the capabilities of firewalls by working with two different firewalls: the Windows XP firewall and a popular personal firewall, ZoneAlarm. You will also use other programs (Superscan, a Web browser, and a Web server, Tinyweb) to exercise the capabilities of the firewall.

Pre-assignment:

This lab will take place in the Sail Lab. Sail1, Sail2 and Sail3 have the XP firewalls installed with different configurations.
  1. We have already installed the following software for you:

Assignment:

  1. Part A - XP Firewall
    1. Can you ping Sail1, Sail2, and Sail3 from Sail4 or Sail5?
    2. How would you enable this?
    3. Explain the difference between the firewall configurations for Sail1, Sail2, and Sail3.
    4. Can you telnet Sail1, Sail2, and Sail3 from Sail4 or Sail5?
    5. How would you enable this?
    6. Explain the difference between the firewall configurations for Sail1, Sail2, and Sail3.
    7. Typically, most Web servers have a large number of vulnerabilities.
      On Sail1, Sail2, and Sail3, start the Web server from the Startup folder in the Windows Start menu (Note: it may already be started). You should then be able to access the Web page on Sail1, Sail2, and Sail3 from a browser running on Sail4 or Sail5 by typing http://IP Address as the URL. Make sure that the Web server is working before starting the firewall. You can also test this from your desktop computer.
      • Can you "access" the Web server?
      • What error message do you get?
      • What entry is made in the log?
    8. Port Scans (One technique used by hackers is to scan the well-known TCP ports on a machine to determine what services are available.)
      • Use Superscan to determine what ports are open on Sail1, Sail2, & Sail3. What are they?
      • Check the log on the XP firewall in Sail1 & Sail2
        Wait 3 minutes and check the log.
        • What packets in general do you see being dropped?
        • What are the differences between the two logs? Explain.
      • Scan Sail1, Sail2, & Sail3 once again. What ports are open?
  2. Part B - ZoneAlarm firewall
    1. Do you have a firewall on your home computer? If not, download one. I recommend ZoneAlarm: there is a free version, and it is easy to install, stable, and easy to use.
    2. Take the short tutorial that is presented with ZoneAlarm (or your own firewall).
      • What are the main lines of defense?
      • What are program alerts?
      • What zones are available?
      • What is a firewall alert?
      • What is the Internet zone? The trusted zone?
      • What is the Internet lock?
    3. Start the ZoneAlarm firewall (or your own firewall).
    4. As you use your machine you will see program alert windows. Allow or disallow access for the programs displayed as you see fit.
    5. Notice the ZoneAlarm icon on the task bar. Right-click on it and then left-click on "Restore ZoneAlarm Control Center". You can now interact with ZoneAlarm. [This will differ for other types of firewalls.]
    6. Click on the "firewall" button on the control center.
      • What are the essential differences between the medium and high security settings for the Internet zone?
    7. Machine Scans (Let's see how the firewall affects machine scans.)
      • If you have access to another computer, ping your computer from it.
        • Does your computer respond?
      • Click on the Firewall button in ZoneAlarm, and raise the trusted zone security from medium to high. Ping again.
        • What happens?
      • Lower the security to medium.
    8. BONUS ASSIGNMENT (if you have access to another computer; if not, you could pair up with a classmate): Port Scans (One technique used by hackers is to scan the well-known TCP ports on a machine to determine what services are available.)
      • Terminate execution of ZoneAlarm (right-click on the ZoneAlarm icon on the task bar and left-click on Shutdown ZoneAlarm).
      • Use Superscan once again to determine what ports are open.
        • Did you find any open ports?
        • What port numbers?
        • What services?
      • Now start ZoneAlarm, lower the security setting for the Trusted Zone to "low" and scan its ports once again.
        • Did you find any open ports?
      • Change the security settings for the Trusted zone so that the port scan will not be successful.
        • What did you have to change the security setting to?
    9. Application Control (We are now going to install a network server application (a Web server) and use ZoneAlarm to control access to it.)
      • Shut down ZoneAlarm.
      • Now kill (terminate) the Web server by pressing Ctrl+Alt+Delete and ending the "tiny" process. Start ZoneAlarm. Re-start the Web server.
        • What happens?
      • Do whatever is necessary to allow the Web server to execute.
        • Can you access your Web page?
    10. Now we would like to restrict access to the Web server. It should be accessible from the trusted zone, but not the Internet zone.
      • Read the ZoneAlarm help file to learn more about zones, their use, and how to put machines into a zone.
      • Click on the program control and program tabs in ZoneAlarm. Find the entry for TINY.EXE. You will probably see four green check marks associated with Tiny's entry. Leave the two green check marks for the trusted zone (allow access and allow server). Change the green check marks for the Internet Zone to red Xs by clicking on the dot next to each green check mark. This will disallow access by any computer defined as part of the Internet Zone. Computers are part of the Internet zone if they have not been explicitly defined as being in the local zone. Now start the browser on machine A and access the web page.
        • What happens? Do you get an alert?
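For the log questions in Part A, step 8, a short script can summarize which packets the XP firewall dropped and which source looks like a port scan. This is an added example, not part of the original lab handout; the addresses, the log lines and the `min_ports` threshold are constructed, and the column names are read from the `#Fields:` header assumed here for the XP firewall log (pfirewall.log).

```python
from collections import Counter, defaultdict

# Constructed sample in the W3C-style layout of the XP firewall log (pfirewall.log).
# All addresses and values below are invented for illustration.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2006-02-14 10:15:01 DROP ICMP 192.168.0.14 192.168.0.11 - - 60 - - - - 8 0 - RECEIVE
2006-02-14 10:15:09 DROP TCP 192.168.0.14 192.168.0.11 1045 21 48 S 3381920011 0 16384 - - - RECEIVE
2006-02-14 10:15:09 DROP TCP 192.168.0.14 192.168.0.11 1046 23 48 S 3381920055 0 16384 - - - RECEIVE
2006-02-14 10:15:09 DROP TCP 192.168.0.14 192.168.0.11 1047 25 48 S 3381920102 0 16384 - - - RECEIVE
2006-02-14 10:15:10 OPEN TCP 192.168.0.14 192.168.0.11 1049 80 - - - - - - - - -
2006-02-14 10:15:10 DROP TCP 192.168.0.14 192.168.0.11 1050 110 48 S 3381920188 0 16384 - - - RECEIVE
2006-02-14 10:15:10 DROP TCP 192.168.0.14 192.168.0.11 1051 139 48 S 3381920240 0 16384 - - - RECEIVE
2006-02-14 10:16:30 DROP UDP 192.168.0.15 192.168.0.255 137 137 78 - - - - - - - RECEIVE
"""

def parse_log(text):
    """Yield one dict per log entry, naming columns from the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and len(line.split()) == len(fields):
            yield dict(zip(fields, line.split()))  # truncated lines are skipped

def dropped_summary(entries):
    """Count DROP entries per (source address, protocol)."""
    return Counter((e["src-ip"], e["protocol"])
                   for e in entries if e["action"] == "DROP")

def likely_scanners(entries, min_ports=4):
    """Sources whose dropped TCP SYNs hit >= min_ports distinct ports on one host."""
    ports = defaultdict(set)
    for e in entries:
        if (e["action"], e["protocol"], e["tcpflags"]) == ("DROP", "TCP", "S"):
            ports[(e["src-ip"], e["dst-ip"])].add(int(e["dst-port"]))
    return {k: sorted(v) for k, v in ports.items() if len(v) >= min_ports}

if __name__ == "__main__":
    entries = list(parse_log(SAMPLE_LOG))
    print(dropped_summary(entries))
    print(likely_scanners(entries))
```

Many dropped SYN packets from one source to many destination ports within a second or two are what a port scan leaves in the log, while the single UDP broadcast drop is ordinary background traffic.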

    Post-assignment: Answer the following questions -